Module Comparison

| Feature | XDR Module | XDR + SIEM Module |
|---|---|---|
| Deployment time | 15–20 min | 30–45 min |
| Azure resources required | None | Yes (auto-deployed) |
| Defender XDR incidents | ✅ | ✅ |
| Sentinel incidents | ❌ | ✅ |
| Entity enrichment | ✅ | ✅ |
| Gamebook response actions | ✅ | ✅ |
| Multi-tenant management | ✅ | ✅ |
| Endpoint visibility | ✅ | ✅ |
| Content Management System (CMS) | ❌ | ✅ |
| Real-time email notifications | ❌ | ✅ |
| Log search & threat hunting | ❌ | ✅ |
| Azure Lighthouse delegation | ❌ | ✅ |

Which Module Should I Choose?

Choose XDR if your organization primarily uses Microsoft Defender XDR and doesn't need Sentinel integration, detection rule management, or log search. It's faster to deploy and has no Azure infrastructure requirements.

Choose XDR + SIEM if you need the full security operations suite: Sentinel incident correlation, custom detection rules via CMS, real-time notifications, and advanced threat hunting. This is the recommended module for MSPs/MSSPs providing managed detection and response services.

You can upgrade from XDR to XDR + SIEM at any time. Contact support@contraforce.com for assistance with module upgrades.